search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Allow IPv6 address entry in tools>ping - Loosens valid character check
[tomato/davidwu.git] / release / src / router / xl2tpd / control.c
bloba314f266b66d450b54d20dad5912aa38a2da688e
1 /*
2 * Layer Two Tunnelling Protocol Daemon
3 * Copyright (C) 1998 Adtran, Inc.
4 * Copyright (C) 2002 Jeff McAdams
5 *
6 * Mark Spencer
7 *
8 * This software is distributed under the terms
9 * of the GPL, which you should have received
10 * along with this source.
11 *
12 * Control Packet Handling
13 *
14 */
15
16 #include <errno.h>
17 #include <string.h>
18 #include <stdio.h>
19 #include <netinet/in.h>
20 #include <arpa/inet.h>
21 #include <unistd.h>
22 #include <stdlib.h>
23 #include "l2tp.h"
24
25 _u16 ppp_crc16_table[256] = {
26 0x0000, 0x1189, 0x2312, 0x329b, 0x4624, 0x57ad, 0x6536, 0x74bf,
27 0x8c48, 0x9dc1, 0xaf5a, 0xbed3, 0xca6c, 0xdbe5, 0xe97e, 0xf8f7,
28 0x1081, 0x0108, 0x3393, 0x221a, 0x56a5, 0x472c, 0x75b7, 0x643e,
29 0x9cc9, 0x8d40, 0xbfdb, 0xae52, 0xdaed, 0xcb64, 0xf9ff, 0xe876,
30 0x2102, 0x308b, 0x0210, 0x1399, 0x6726, 0x76af, 0x4434, 0x55bd,
31 0xad4a, 0xbcc3, 0x8e58, 0x9fd1, 0xeb6e, 0xfae7, 0xc87c, 0xd9f5,
32 0x3183, 0x200a, 0x1291, 0x0318, 0x77a7, 0x662e, 0x54b5, 0x453c,
33 0xbdcb, 0xac42, 0x9ed9, 0x8f50, 0xfbef, 0xea66, 0xd8fd, 0xc974,
34 0x4204, 0x538d, 0x6116, 0x709f, 0x0420, 0x15a9, 0x2732, 0x36bb,
35 0xce4c, 0xdfc5, 0xed5e, 0xfcd7, 0x8868, 0x99e1, 0xab7a, 0xbaf3,
36 0x5285, 0x430c, 0x7197, 0x601e, 0x14a1, 0x0528, 0x37b3, 0x263a,
37 0xdecd, 0xcf44, 0xfddf, 0xec56, 0x98e9, 0x8960, 0xbbfb, 0xaa72,
38 0x6306, 0x728f, 0x4014, 0x519d, 0x2522, 0x34ab, 0x0630, 0x17b9,
39 0xef4e, 0xfec7, 0xcc5c, 0xddd5, 0xa96a, 0xb8e3, 0x8a78, 0x9bf1,
40 0x7387, 0x620e, 0x5095, 0x411c, 0x35a3, 0x242a, 0x16b1, 0x0738,
41 0xffcf, 0xee46, 0xdcdd, 0xcd54, 0xb9eb, 0xa862, 0x9af9, 0x8b70,
42 0x8408, 0x9581, 0xa71a, 0xb693, 0xc22c, 0xd3a5, 0xe13e, 0xf0b7,
43 0x0840, 0x19c9, 0x2b52, 0x3adb, 0x4e64, 0x5fed, 0x6d76, 0x7cff,
44 0x9489, 0x8500, 0xb79b, 0xa612, 0xd2ad, 0xc324, 0xf1bf, 0xe036,
45 0x18c1, 0x0948, 0x3bd3, 0x2a5a, 0x5ee5, 0x4f6c, 0x7df7, 0x6c7e,
46 0xa50a, 0xb483, 0x8618, 0x9791, 0xe32e, 0xf2a7, 0xc03c, 0xd1b5,
47 0x2942, 0x38cb, 0x0a50, 0x1bd9, 0x6f66, 0x7eef, 0x4c74, 0x5dfd,
48 0xb58b, 0xa402, 0x9699, 0x8710, 0xf3af, 0xe226, 0xd0bd, 0xc134,
49 0x39c3, 0x284a, 0x1ad1, 0x0b58, 0x7fe7, 0x6e6e, 0x5cf5, 0x4d7c,
50 0xc60c, 0xd785, 0xe51e, 0xf497, 0x8028, 0x91a1, 0xa33a, 0xb2b3,
51 0x4a44, 0x5bcd, 0x6956, 0x78df, 0x0c60, 0x1de9, 0x2f72, 0x3efb,
52 0xd68d, 0xc704, 0xf59f, 0xe416, 0x90a9, 0x8120, 0xb3bb, 0xa232,
53 0x5ac5, 0x4b4c, 0x79d7, 0x685e, 0x1ce1, 0x0d68, 0x3ff3, 0x2e7a,
54 0xe70e, 0xf687, 0xc41c, 0xd595, 0xa12a, 0xb0a3, 0x8238, 0x93b1,
55 0x6b46, 0x7acf, 0x4854, 0x59dd, 0x2d62, 0x3ceb, 0x0e70, 0x1ff9,
56 0xf78f, 0xe606, 0xd49d, 0xc514, 0xb1ab, 0xa022, 0x92b9, 0x8330,
57 0x7bc7, 0x6a4e, 0x58d5, 0x495c, 0x3de3, 0x2c6a, 0x1ef1, 0x0f78
58 };
59
60 int global_serno = 1;
61
62 struct buffer *new_outgoing (struct tunnel *t)
63 {
64 /*
65 * Make a new outgoing control packet
66 */
67 struct buffer *tmp = new_buf (MAX_RECV_SIZE);
68 if (!tmp)
69 return NULL;
70 tmp->peer = t->peer;
71 tmp->start += sizeof (struct control_hdr);
72 tmp->len = 0;
73 tmp->retries = 0;
74 tmp->tunnel = t;
75 return tmp;
76 }
77
78 inline void recycle_outgoing (struct buffer *buf, struct sockaddr_in peer)
79 {
80 /*
81 * This should only be used for ZLB's!
82 */
83 buf->start = buf->rstart + sizeof (struct control_hdr);
84 buf->peer = peer;
85 buf->len = 0;
86 buf->retries = -1;
87 buf->tunnel = NULL;
88 }
89 void add_fcs (struct buffer *buf)
90 {
91 _u16 fcs = PPP_INITFCS;
92 unsigned char *c = buf->start;
93 int x;
94 for (x = 0; x < buf->len; x++)
95 {
96 fcs = PPP_FCS (fcs, *c);
97 c++;
98 }
99 fcs = fcs ^ 0xFFFF;
100 *c = fcs & 0xFF;
101 c++;
102 *c = (fcs >> 8) & 0xFF;
103 buf->len += 2;
104 }
105
106 void add_control_hdr (struct tunnel *t, struct call *c, struct buffer *buf)
107 {
108 struct control_hdr *h;
109 buf->start -= sizeof (struct control_hdr);
110 buf->len += sizeof (struct control_hdr);
111 h = (struct control_hdr *) buf->start;
112 h->ver = htons (TBIT | LBIT | FBIT | VER_L2TP);
113 h->length = htons ((_u16) buf->len);
114 h->tid = htons (t->tid);
115 h->cid = htons (c->cid);
116 h->Ns = htons (t->control_seq_num);
117 h->Nr = htons (t->control_rec_seq_num);
118 t->control_seq_num++;
119
120 }
121
122 void hello (void *tun)
123 {
124 struct buffer *buf;
125 struct tunnel *t;
126 struct timeval tv;
127 tv.tv_sec = HELLO_DELAY;
128 tv.tv_usec = 0;
129 t = (struct tunnel *) tun;
130 buf = new_outgoing (t);
131 add_message_type_avp (buf, Hello);
132 add_control_hdr (t, t->self, buf);
133 if (gconfig.packet_dump)
134 do_packet_dump (buf);
135 #ifdef DEBUG_HELLO
136 l2tp_log (LOG_DEBUG, "%s: sending Hello on %d\n", __FUNCTION__, t->ourtid);
137 #endif
138 control_xmit (buf);
139 /*
140 * Schedule another Hello in a little bit.
141 */
142 #ifdef DEBUG_HELLO
143 l2tp_log (LOG_DEBUG, "%s: scheduling another Hello on %d\n", __FUNCTION__,
144 t->ourtid);
145 #endif
146 t->hello = schedule (tv, hello, (void *) t);
147 }
148
149 void control_zlb (struct buffer *buf, struct tunnel *t, struct call *c)
150 {
151 recycle_outgoing (buf, t->peer);
152 add_control_hdr (t, c, buf);
153 t->control_seq_num--;
154 #ifdef DEBUG_ZLB
155 l2tp_log (LOG_DEBUG, "%s: sending control ZLB on tunnel %d\n", __FUNCTION__,
156 t->tid);
157 #endif
158 udp_xmit (buf, t);
159 }
160
161 int control_finish (struct tunnel *t, struct call *c)
162 {
163 /*
164 * After all AVP's have been handled, do anything else
165 * which needs to be done, like prepare response
166 * packets to go back. This is essentially the
167 * implementation of the state machine of section 7.2.1
168 *
169 * If we set c->needclose, the call (or tunnel) will
170 * be closed upon return.
171 */
172 struct buffer *buf;
173 struct call *p, *z;
174 struct tunnel *y;
175 struct timeval tv;
176 struct ppp_opts *po;
177 char ip1[STRLEN];
178 char ip2[STRLEN];
179 char dummy_buf[128] = "/var/l2tp/"; /* jz: needed to read /etc/ppp/var.options - just kick it if you don't like */
180 char passwdfd_buf[32] = ""; /* buffer for the fd, not the password */
181 int i;
182 int pppd_passwdfd[2];
183 int tmptid,tmpcid;
184
185 if (c->msgtype < 0)
186 {
187 l2tp_log (LOG_DEBUG, "%s: Whoa... non-ZLB with no message type!\n",
188 __FUNCTION__);
189 return -EINVAL;
190 }
191 if (gconfig.debug_state)
192 l2tp_log (LOG_DEBUG,
193 "%s: message type is %s(%d). Tunnel is %d, call is %d.\n",
194 __FUNCTION__, msgtypes[c->msgtype], c->msgtype, t->tid, c->cid);
195 switch (c->msgtype)
196 {
197 case 0:
198 /*
199 * We need to initiate a connection.
200 */
201 if (t->self == c)
202 {
203 if (t->lns)
204 {
205 t->ourrws = t->lns->tun_rws;
206 t->hbit = t->lns->hbit;
207 t->rxspeed = t->lns->rxspeed;
208 t->txspeed = t->lns->txspeed;
209 }
210 else if (t->lac)
211 {
212 t->ourrws = t->lac->tun_rws;
213 t->hbit = t->lac->hbit;
214 t->rxspeed = t->lac->rxspeed;
215 t->txspeed = t->lac->txspeed;
216 }
217 /* This is an attempt to bring up the tunnel */
218 t->state = SCCRQ;
219 buf = new_outgoing (t);
220 add_message_type_avp (buf, SCCRQ);
221 if (t->hbit)
222 {
223 mk_challenge (t->chal_them.vector, VECTOR_SIZE);
224 add_randvect_avp (buf, t->chal_them.vector, VECTOR_SIZE);
225 }
226 add_protocol_avp (buf);
227 add_frame_caps_avp (buf, t->ourfc);
228 add_bearer_caps_avp (buf, t->ourbc);
229 /* FIXME: Tie breaker */
230 add_firmware_avp (buf);
231 if (t->lac && t->lac->hostname && t->lac->hostname[0])
232 add_hostname_avp (buf, t->lac->hostname);
233 else if (t->lns && t->lns->hostname && t->lns->hostname[0])
234 add_hostname_avp (buf, t->lns->hostname);
235 else
236 add_hostname_avp (buf, hostname);
237 add_vendor_avp (buf);
238 add_tunnelid_avp (buf, t->ourtid);
239 if (t->ourrws >= 0)
240 add_avp_rws (buf, t->ourrws);
241 if ((t->lac && t->lac->challenge)
242 || (t->lns && t->lns->challenge))
243 {
244 if (t->chal_them.challenge)
245 free(t->chal_them.challenge);
246 t->chal_them.challenge = malloc(MD_SIG_SIZE);
247 if (!(t->chal_them.challenge))
248 {
249 l2tp_log (LOG_WARNING, "%s: malloc failed for challenge\n",
250 __FUNCTION__);
251 toss (buf);
252 return -EINVAL;
253 }
254 mk_challenge (t->chal_them.challenge, MD_SIG_SIZE);
255 t->chal_them.chal_len = MD_SIG_SIZE;
256 add_challenge_avp (buf, t->chal_them.challenge,
257 t->chal_them.chal_len);
258 t->chal_them.state = STATE_CHALLENGED;
259 /* We generate the challenge and make a note that we plan to
260 challenge the peer, but we can't predict the response yet
261 because we don't know their hostname AVP */
262 }
263 add_control_hdr (t, c, buf);
264 c->cnu = 0;
265 if (gconfig.packet_dump)
266 do_packet_dump (buf);
267 if (gconfig.debug_state)
268 l2tp_log (LOG_DEBUG, "%s: sending SCCRQ\n",
269 __FUNCTION__);
270 control_xmit (buf);
271 }
272 else
273 {
274 if (switch_io)
275 {
276 c->state = ICRQ;
277 if (c->lns)
278 {
279 c->lbit = c->lns->lbit ? LBIT : 0;
280 /* c->ourrws = c->lns->call_rws;
281 if (c->ourrws > -1) c->ourfbit = FBIT; else c->ourfbit = 0; */
282 }
283 else if (c->lac)
284 {
285 c->lbit = c->lac->lbit ? LBIT : 0;
286 /* c->ourrws = c->lac->call_rws;
287 if (c->ourrws > -1) c->ourfbit = FBIT; else c->ourfbit = 0; */
288 }
289 buf = new_outgoing (t);
290 add_message_type_avp (buf, ICRQ);
291 if (t->hbit)
292 {
293 mk_challenge (t->chal_them.vector, VECTOR_SIZE);
294 add_randvect_avp (buf, t->chal_them.vector, VECTOR_SIZE);
295 }
296 #ifdef TEST_HIDDEN
297 add_callid_avp (buf, c->ourcid, t);
298 #else
299 add_callid_avp (buf, c->ourcid);
300 #endif
301 add_serno_avp (buf, global_serno);
302 c->serno = global_serno;
303 global_serno++;
304 add_bearer_avp (buf, 0);
305 add_control_hdr (t, c, buf);
306 c->cnu = 0;
307 if (gconfig.packet_dump)
308 do_packet_dump (buf);
309 if (gconfig.debug_state)
310 l2tp_log (LOG_DEBUG, "%s: sending ICRQ\n", __FUNCTION__);
311 control_xmit (buf);
312 }
313 else
314 { /* jz: sending a OCRQ */
315 c->state = OCRQ;
316 if (c->lns)
317 {
318 c->lbit = c->lns->lbit ? LBIT : 0;
319 /* c->ourrws = c->lns->call_rws;
320 if (c->ourrws > -1) c->ourfbit = FBIT; else c->ourfbit = 0; */
321 }
322 else if (c->lac)
323 {
324 /* c->ourrws = c->lac->call_rws;
325 if (c->ourrws > -1) c->ourfbit = FBIT; else c->ourfbit = 0; */
326 }
327
328 if (t->fc & SYNC_FRAMING)
329 c->frame = SYNC_FRAMING;
330 else
331 c->frame = ASYNC_FRAMING;
332 buf = new_outgoing (t);
333 add_message_type_avp (buf, OCRQ);
334 #ifdef TEST_HIDDEN
335 add_callid_avp (buf, c->ourcid, t);
336 #else
337 add_callid_avp (buf, c->ourcid);
338 #endif
339 add_serno_avp (buf, global_serno);
340 c->serno = global_serno;
341 global_serno++;
342 add_minbps_avp (buf, DEFAULT_MIN_BPS);
343 add_maxbps_avp (buf, DEFAULT_MAX_BPS);
344 add_bearer_avp (buf, 0);
345 add_frame_avp (buf, c->frame);
346 add_number_avp (buf, c->dial_no);
347 add_control_hdr (t, c, buf);
348 c->cnu = 0;
349 if (gconfig.packet_dump)
350 do_packet_dump (buf);
351 control_xmit (buf);
352 }
353 }
354 break;
355 case SCCRQ:
356 /*
357 * We've received a request, now let's
358 * formulate a response.
359 */
360 if (t->tid <= 0)
361 {
362 if (DEBUG)
363 l2tp_log (LOG_DEBUG,
364 "%s: Peer did not specify assigned tunnel ID. Closing.\n",
365 __FUNCTION__);
366 set_error (c, VENDOR_ERROR, "Specify your assigned tunnel ID");
367 c->needclose = -1;
368 return -EINVAL;
369 }
370 if (!(t->lns = get_lns (t)))
371 {
372 if (DEBUG)
373 l2tp_log (LOG_DEBUG,
374 "%s: Denied connection to unauthorized peer %s\n",
375 __FUNCTION__, IPADDY (t->peer.sin_addr));
376 set_error (c, VENDOR_ERROR, "No Authorization");
377 c->needclose = -1;
378 return -EINVAL;
379 }
380 t->ourrws = t->lns->tun_rws;
381 t->hbit = t->lns->hbit;
382 if (t->fc < 0)
383 {
384 if (DEBUG)
385 l2tp_log (LOG_DEBUG,
386 "%s: Peer did not specify framing capability. Closing.\n",
387 __FUNCTION__);
388 set_error (c, VENDOR_ERROR, "Specify framing capability");
389 c->needclose = -1;
390 return -EINVAL;
391 }
392 /* FIXME: Do we need to be sure they specified a version number?
393 * Theoretically, yes, but we don't have anything in the code
394 * to actually *do* anything with it, so...why check at this point?
395 * We shouldn't be requiring a bearer capabilities avp to be present in
396 * SCCRQ and SCCRP as they aren't required
397 if (t->bc < 0 ) {
398 if (DEBUG) l2tp_log(LOG_DEBUG,
399 "%s: Peer did not specify bearer capability. Closing.\n",__FUNCTION__);
400 set_error(c, VENDOR_ERROR, "Specify bearer capability");
401 c->needclose = -1;
402 return -EINVAL;
403 } */
404 if ((!strlen (t->hostname)) && ((t->chal_us.state) || ((t->lns->challenge))))
405 {
406 if (DEBUG)
407 l2tp_log (LOG_DEBUG,
408 "%s: Peer did not specify hostname. Closing.\n",
409 __FUNCTION__);
410 set_error (c, VENDOR_ERROR, "Specify your hostname");
411 c->needclose = -1;
412 return -EINVAL;
413 }
414 y = tunnels.head;
415 while (y)
416 {
417 if ((y->tid == t->tid) &&
418 (y->peer.sin_addr.s_addr == t->peer.sin_addr.s_addr) &&
419 (!gconfig.ipsecsaref || y->refhim == t->refhim) &&
420 (y != t))
421 {
422 /* This can happen if we get a duplicate
423 StartCCN or if they don't get our ack packet */
424 /*
425 * But it is legitimate for two different remote systems
426 * to use the same tid
427 */
428 l2tp_log (LOG_DEBUG,
429 "%s: Peer requested tunnel %d twice, ignoring second one.\n",
430 __FUNCTION__, t->tid);
431 c->needclose = 0;
432 c->closing = -1;
433 return 0;
434 }
435 y = y->next;
436 }
437 t->state = SCCRP;
438 buf = new_outgoing (t);
439 add_message_type_avp (buf, SCCRP);
440 if (t->hbit)
441 {
442 mk_challenge (t->chal_them.vector, VECTOR_SIZE);
443 add_randvect_avp (buf, t->chal_them.vector, VECTOR_SIZE);
444 }
445 add_protocol_avp (buf);
446 add_frame_caps_avp (buf, t->ourfc);
447 add_bearer_caps_avp (buf, t->ourbc);
448 add_firmware_avp (buf);
449 if (t->lac && t->lac->hostname && t->lac->hostname[0])
450 add_hostname_avp (buf, t->lac->hostname);
451 else if (t->lns && t->lns->hostname && t->lns->hostname[0])
452 add_hostname_avp (buf, t->lns->hostname);
453 else
454 add_hostname_avp (buf, hostname);
455 add_vendor_avp (buf);
456 add_tunnelid_avp (buf, t->ourtid);
457 if (t->ourrws >= 0)
458 add_avp_rws (buf, t->ourrws);
459 if (t->chal_us.state)
460 {
461 t->chal_us.ss = SCCRP;
462 handle_challenge (t, &t->chal_us);
463 add_chalresp_avp (buf, t->chal_us.response, MD_SIG_SIZE);
464 }
465 if (t->lns->challenge)
466 {
467 if (t->chal_them.challenge)
468 free(t->chal_them.challenge);
469 t->chal_them.challenge = malloc(MD_SIG_SIZE);
470 if (!(t->chal_them.challenge))
471 {
472 l2tp_log (LOG_WARNING, "%s: malloc failed\n", __FUNCTION__);
473 set_error (c, VENDOR_ERROR, "malloc failed");
474 toss (buf);
475 return -EINVAL;
476 }
477 mk_challenge (t->chal_them.challenge, MD_SIG_SIZE);
478 t->chal_them.chal_len = MD_SIG_SIZE;
479 t->chal_them.ss = SCCCN;
480 if (handle_challenge (t, &t->chal_them))
481 {
482 /* We already know what to expect back */
483 l2tp_log (LOG_WARNING, "%s: No secret for '%s'\n", __FUNCTION__,
484 t->hostname);
485 set_error (c, VENDOR_ERROR, "No secret on our side");
486 toss (buf);
487 return -EINVAL;
488 };
489 add_challenge_avp (buf, t->chal_them.challenge,
490 t->chal_them.chal_len);
491 }
492 add_control_hdr (t, c, buf);
493 if (gconfig.packet_dump)
494 do_packet_dump (buf);
495 c->cnu = 0;
496 if (gconfig.debug_state)
497 l2tp_log (LOG_DEBUG, "%s: sending SCCRP\n", __FUNCTION__);
498 sleep(2);
499 control_xmit (buf);
500 break;
501 case SCCRP:
502 /*
503 * We have a reply. If everything is okay, send
504 * a connected message
505 */
506 if (t->fc < 0)
507 {
508 if (DEBUG)
509 l2tp_log (LOG_DEBUG,
510 "%s: Peer did not specify framing capability. Closing.\n",
511 __FUNCTION__);
512 set_error (c, VENDOR_ERROR, "Specify framing capability");
513 c->needclose = -1;
514 return -EINVAL;
515 }
516 /* FIXME: Do we need to be sure they specified a version number?
517 * Theoretically, yes, but we don't have anything in the code
518 * to actually *do* anything with it, so...why check at this point?
519 * We shouldn't be requiring a bearer capabilities avp to be present in
520 * SCCRQ and SCCRP as they aren't required
521 if (t->bc < 0 ) {
522 if (DEBUG) log(LOG_DEBUG,
523 "%s: Peer did not specify bearer capability. Closing.\n",__FUNCTION__);
524 set_error(c, VENDOR_ERROR, "Specify bearer capability");
525 c->needclose = -1;
526 return -EINVAL;
527 } */
528 if ((!strlen (t->hostname)) && ((t->chal_them.state) || ((t->chal_us.state))))
529 {
530 if (DEBUG)
531 l2tp_log (LOG_DEBUG,
532 "%s: Peer did not specify hostname. Closing.\n",
533 __FUNCTION__);
534 set_error (c, VENDOR_ERROR, "Specify your hostname");
535 c->needclose = -1;
536 return -EINVAL;
537 }
538 if (t->tid <= 0)
539 {
540 if (DEBUG)
541 l2tp_log (LOG_DEBUG,
542 "%s: Peer did not specify assigned tunnel ID. Closing.\n",
543 __FUNCTION__);
544 set_error (c, VENDOR_ERROR, "Specify your assigned tunnel ID");
545 c->needclose = -1;
546 return -EINVAL;
547 }
548 if (t->chal_them.state)
549 {
550 t->chal_them.ss = SCCRP;
551 if (handle_challenge (t, &t->chal_them))
552 {
553 set_error (c, VENDOR_ERROR, "No secret key on our side");
554 l2tp_log (LOG_WARNING, "%s: No secret key for authenticating '%s'\n",
555 __FUNCTION__, t->hostname);
556 c->needclose = -1;
557 return -EINVAL;
558 }
559 if (memcmp
560 (t->chal_them.reply, t->chal_them.response, MD_SIG_SIZE))
561 {
562 set_error (c, VENDOR_ERROR,
563 "Invalid challenge authentication");
564 l2tp_log (LOG_DEBUG, "%s: Invalid authentication for host '%s'\n",
565 __FUNCTION__, t->hostname);
566 c->needclose = -1;
567 return -EINVAL;
568 }
569 }
570 if (t->chal_us.state)
571 {
572 t->chal_us.ss = SCCCN;
573 if (handle_challenge (t, &t->chal_us))
574 {
575 l2tp_log (LOG_WARNING, "%s: No secret for authenticating to '%s'\n",
576 __FUNCTION__, t->hostname);
577 set_error (c, VENDOR_ERROR, "No secret key on our end");
578 c->needclose = -1;
579 return -EINVAL;
580 };
581 }
582 t->state = SCCCN;
583 buf = new_outgoing (t);
584 add_message_type_avp (buf, SCCCN);
585 if (t->hbit)
586 {
587 mk_challenge (t->chal_them.vector, VECTOR_SIZE);
588 add_randvect_avp (buf, t->chal_them.vector, VECTOR_SIZE);
589 }
590 if (t->chal_us.state)
591 add_chalresp_avp (buf, t->chal_us.response, MD_SIG_SIZE);
592 add_control_hdr (t, c, buf);
593 if (gconfig.packet_dump)
594 do_packet_dump (buf);
595 c->cnu = 0;
596 if (gconfig.debug_state)
597 l2tp_log (LOG_DEBUG, "%s: sending SCCCN\n", __FUNCTION__);
598 control_xmit (buf);
599 /* Schedule a HELLO */
600 tv.tv_sec = HELLO_DELAY;
601 tv.tv_usec = 0;
602 #ifdef DEBUG_HELLO
603 l2tp_log (LOG_DEBUG, "%s: scheduling initial HELLO on %d\n", __FUNCTION__,
604 t->ourtid);
605 #endif
606 t->hello = schedule (tv, hello, (void *) t);
607 l2tp_log (LOG_NOTICE,
608 "Connection established to %s, %d. Local: %d, Remote: %d (ref=%u/%u).\n",
609 IPADDY (t->peer.sin_addr),
610 ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim);
611 if (t->lac)
612 {
613 /* This is part of a LAC, so we want to go ahead
614 and start an ICRQ now */
615 magic_lac_dial (t->lac);
616 }
617 break;
618 case SCCCN:
619 if (t->chal_them.state)
620 {
621 if (memcmp
622 (t->chal_them.reply, t->chal_them.response, MD_SIG_SIZE))
623 {
624 set_error (c, VENDOR_ERROR,
625 "Invalid challenge authentication");
626 l2tp_log (LOG_DEBUG, "%s: Invalid authentication for host '%s'\n",
627 __FUNCTION__, t->hostname);
628 c->needclose = -1;
629 return -EINVAL;
630 }
631 }
632 t->state = SCCCN;
633 l2tp_log (LOG_NOTICE,
634 "Connection established to %s, %d. Local: %d, Remote: %d (ref=%u/%u). LNS session is '%s'\n",
635 IPADDY (t->peer.sin_addr),
636 ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim,
637 t->lns->entname);
638 /* Schedule a HELLO */
639 tv.tv_sec = HELLO_DELAY;
640 tv.tv_usec = 0;
641 #ifdef DEBUG_HELLO
642 l2tp_log (LOG_DEBUG, "%s: scheduling initial HELLO on %d\n", __FUNCTION__,
643 t->ourtid);
644 #endif
645 t->hello = schedule (tv, hello, (void *) t);
646 break;
647 case StopCCN:
648 if (t->qtid < 0)
649 {
650 if (DEBUG)
651 l2tp_log (LOG_DEBUG,
652 "%s: Peer tried to disconnect without specifying tunnel ID\n",
653 __FUNCTION__);
654 return -EINVAL;
655 }
656
657 /* Work around bug in MSL2TP client */
658 if ((t->firmware == 0xff00) && (!(strncmp(t->vendor, "Deterministic Networks Inc.", 27))))
659 tmptid = t->ourtid;
660 else
661 tmptid = t->tid;
662 if ((t->qtid != tmptid) && (tmptid > 0))
663 {
664 if (DEBUG)
665 l2tp_log (LOG_DEBUG,
666 "%s: Peer [Vendor:%s] [Firmware:%d (0x%.4x)] tried to disconnect with invalid TID (%d != %d)\n",
667 __FUNCTION__, t->vendor, t->firmware, t->firmware, t->qtid, tmptid);
668 return -EINVAL;
669 }
670 /* In case they're disconnecting immediately after SCCN */
671 if (!t->tid)
672 t->tid = t->qtid;
673 if (t->self->result < 0)
674 {
675 if (DEBUG)
676 l2tp_log (LOG_DEBUG,
677 "%s: Peer tried to disconnect without specifying result code.\n",
678 __FUNCTION__);
679 return -EINVAL;
680 }
681 l2tp_log (LOG_INFO,
682 "%s: Connection closed to %s, port %d (%s), Local: %d, Remote: %d\n",
683 __FUNCTION__, IPADDY (t->peer.sin_addr),
684 ntohs (t->peer.sin_port), t->self->errormsg, t->ourtid, t->tid);
685 c->needclose = 0;
686 c->closing = -1;
687 break;
688 case ICRQ:
689 p = t->call_head;
690 if (!p->lns)
691 {
692 set_error (p, ERROR_INVALID, "This tunnel cannot accept calls\n");
693 call_close (p);
694 return -EINVAL;
695 }
696 p->lbit = p->lns->lbit ? LBIT : 0;
697 /* p->ourrws = p->lns->call_rws;
698 if (p->ourrws > -1) p->ourfbit = FBIT; else p->ourfbit = 0; */
699 if (p->cid < 0)
700 {
701 if (DEBUG)
702 l2tp_log (LOG_DEBUG,
703 "%s: Peer tried to initiate call without call ID\n",
704 __FUNCTION__);
705 /* Here it doesn't make sense to use the needclose flag because
706 the call p did not receive any packets */
707 call_close (p);
708 return -EINVAL;
709 }
710 z = p->next;
711 while (z)
712 {
713 if (z->cid == p->cid)
714 {
715 /* This can happen if we get a duplicate
716 ICRQ or if they don't get our ack packet */
717 l2tp_log (LOG_DEBUG,
718 "%s: Peer requested call %d twice, ignoring second one.\n",
719 __FUNCTION__, p->cid);
720 p->needclose = 0;
721 p->closing = -1;
722 return 0;
723 }
724 z = z->next;
725 }
726 p = t->call_head;
727 /* FIXME: by commenting this out, we're not checking whether the serial
728 * number avp is included in the ICRQ at all which its required to be.
729 * Since the serial number is only used for human debugging aid, this
730 * isn't a big deal, but it would be nice to have *some* sort of check
731 * for it and perhaps just log it and go on. */
732 /* JLM if (p->serno<1) {
733 if (DEBUG) log(LOG_DEBUG,
734 "%s: Peer did not specify serial number when initiating call\n", __FUNCTION__);
735 call_close(p);
736 return -EINVAL;
737 } */
738
739 #ifdef IP_ALLOCATION
740 if (t->lns->assign_ip) {
741 p->addr = get_addr (t->lns->range);
742 if (!p->addr)
743 {
744 set_error (p, ERROR_NORES, "No available IP address");
745 call_close (p);
746 l2tp_log (LOG_DEBUG, "%s: Out of IP addresses on tunnel %d!\n",
747 __FUNCTION__, t->tid);
748 return -EINVAL;
749 }
750 reserve_addr (p->addr);
751 }
752 else
753 p->addr = 0;
754 #endif
755
756 p->state = ICRP;
757 buf = new_outgoing (t);
758 add_message_type_avp (buf, ICRP);
759 if (t->hbit)
760 {
761 mk_challenge (t->chal_them.vector, VECTOR_SIZE);
762 add_randvect_avp (buf, t->chal_them.vector, VECTOR_SIZE);
763 }
764 #ifdef TEST_HIDDEN
765 add_callid_avp (buf, p->ourcid, t);
766 #else
767 add_callid_avp (buf, p->ourcid);
768 #endif
769 /* if (p->ourrws >=0)
770 add_avp_rws(buf, p->ourrws); */
771 /*
772 * FIXME: I should really calculate
773 * Packet Processing Delay
774 */
775 /* add_ppd_avp(buf,ppd); */
776 add_control_hdr (t, p, buf);
777 if (gconfig.packet_dump)
778 do_packet_dump (buf);
779 p->cnu = 0;
780 if (gconfig.debug_state)
781 l2tp_log (LOG_DEBUG, "%s: Sending ICRP\n", __FUNCTION__);
782 control_xmit (buf);
783 break;
784 case ICRP:
785 if (c->cid < 0)
786 {
787 if (DEBUG)
788 l2tp_log (LOG_DEBUG,
789 "%s: Peer tried to negotiate ICRP without specifying call ID\n",
790 __FUNCTION__);
791 c->needclose = -1;
792 return -EINVAL;
793 }
794 c->state = ICCN;
795 if (t->fc & ASYNC_FRAMING)
796 c->frame = ASYNC_FRAMING;
797 else
798 c->frame = SYNC_FRAMING;
799
800 buf = new_outgoing (t);
801 add_message_type_avp (buf, ICCN);
802 if (t->hbit)
803 {
804 mk_challenge (t->chal_them.vector, VECTOR_SIZE);
805 add_randvect_avp (buf, t->chal_them.vector, VECTOR_SIZE);
806 }
807 add_txspeed_avp (buf, t->txspeed);
808 add_frame_avp (buf, c->frame);
809 /* if (c->ourrws >= 0)
810 add_avp_rws(buf, c->ourrws); */
811 /* FIXME: Packet Processing Delay */
812 /* We don't need any kind of proxy PPP stuff */
813 /* Can we proxy authenticate ourselves??? */
814 add_rxspeed_avp (buf, t->rxspeed);
815 /* add_seqreqd_avp (buf); *//* We don't have sequencing code, so
816 * don't ask for sequencing */
817 add_control_hdr (t, c, buf);
818 if (gconfig.packet_dump)
819 do_packet_dump (buf);
820 c->cnu = 0;
821 if (gconfig.debug_state)
822 l2tp_log (LOG_DEBUG, "%s: Sending ICCN\n", __FUNCTION__);
823 l2tp_log (LOG_NOTICE,
824 "Call established with %s, Local: %d, Remote: %d, Serial: %d (ref=%u/%u)\n",
825 IPADDY (t->peer.sin_addr), c->ourcid, c->cid,
826 c->serno, t->refme, t->refhim);
827 control_xmit (buf);
828 po = NULL;
829 po = add_opt (po, "passive");
830 po = add_opt (po, "nodetach");
831 if (c->lac)
832 {
833 if (c->lac->defaultroute)
834 po = add_opt (po, "defaultroute");
835 strncpy (ip1, IPADDY (c->lac->localaddr), sizeof (ip1));
836 strncpy (ip2, IPADDY (c->lac->remoteaddr), sizeof (ip2));
837 #ifdef IP_ALLOCATION
838 po = add_opt (po, "%s:%s", c->lac->localaddr ? ip1 : "",
839 c->lac->remoteaddr ? ip2 : "");
840 #endif
841 if (c->lac->authself)
842 {
843 if (c->lac->pap_refuse)
844 po = add_opt (po, "refuse-pap");
845 if (c->lac->chap_refuse)
846 po = add_opt (po, "refuse-chap");
847 }
848 else
849 {
850 po = add_opt (po, "refuse-pap");
851 po = add_opt (po, "refuse-chap");
852 }
853 if (c->lac->authpeer)
854 {
855 po = add_opt (po, "auth");
856 if (c->lac->pap_require)
857 po = add_opt (po, "require-pap");
858 if (c->lac->chap_require)
859 po = add_opt (po, "require-chap");
860 }
861 if (c->lac->authname[0])
862 {
863 po = add_opt (po, "name");
864 po = add_opt (po, c->lac->authname);
865 }
866 if (c->lac->debug)
867 po = add_opt (po, "debug");
868 if (c->lac->password[0])
869 {
870 if (pipe (pppd_passwdfd) == -1)
871 {
872 l2tp_log (LOG_DEBUG,
873 "%s: Unable to create password pipe for pppd\n", __FUNCTION__);
874 return -EINVAL;
875 }
876 if (-1 == write (pppd_passwdfd[1], c->lac->password, strlen (c->lac->password)))
877 {
878 l2tp_log (LOG_DEBUG,
879 "%s: Unable to write password to pipe for pppd\n", __FUNCTION__);
880 close (pppd_passwdfd[1]);
881 return -EINVAL;
882 }
883 close (pppd_passwdfd[1]);
884
885 /* clear memory used for password, paranoid? */
886 for (i = 0; i < STRLEN; i++)
887 c->lac->password[i] = '\0';
888
889 po = add_opt (po, "plugin");
890 po = add_opt (po, "passwordfd.so");
891 po = add_opt (po, "passwordfd");
892 snprintf (passwdfd_buf, 32, "%d", pppd_passwdfd[0]);
893 po = add_opt (po, passwdfd_buf);
894 }
895 if (c->lac->pppoptfile[0])
896 {
897 po = add_opt (po, "file");
898 po = add_opt (po, c->lac->pppoptfile);
899 }
900 };
901 start_pppd (c, po);
902 opt_destroy (po);
903 if (c->lac)
904 c->lac->rtries = 0;
905 if (c->lac->password[0])
906 close(pppd_passwdfd[0]);
907 break;
908 case ICCN:
909 if (c == t->self)
910 {
911 l2tp_log (LOG_DEBUG,
912 "%s: Peer attempted ICCN on the actual tunnel, not the call",
913 __FUNCTION__);
914 return -EINVAL;
915 }
916 if (c->txspeed < 1)
917 {
918 l2tp_log (LOG_DEBUG,
919 "%s: Warning: Peer did not specify transmit speed\n", __FUNCTION__);
920 /* don't refuse the connection over this
921 c->needclose = -1;
922 return -EINVAL;
923 */
924 };
925 if (c->frame < 1)
926 {
927 l2tp_log (LOG_DEBUG,
928 "%s: Warning: Peer did not specify framing type\n", __FUNCTION__);
929 /* don't refuse the connection over this
930 c->needclose = -1;
931 return -EINVAL;
932 */
933 }
934 c->state = ICCN;
935 strncpy (ip1, IPADDY (c->lns->localaddr), sizeof (ip1));
936 strncpy (ip2, IPADDY (c->addr), sizeof (ip2));
937 po = NULL;
938 po = add_opt (po, "passive");
939 po = add_opt (po, "nodetach");
940 po = add_opt (po, "%s:%s", c->lns->localaddr ? ip1 : "", ip2);
941 if (c->lns->authself)
942 {
943 if (c->lns->pap_refuse)
944 po = add_opt (po, "refuse-pap");
945 if (c->lns->chap_refuse)
946 po = add_opt (po, "refuse-chap");
947 }
948 else
949 {
950 po = add_opt (po, "refuse-pap");
951 po = add_opt (po, "refuse-chap");
952 }
953 if (c->lns->authpeer)
954 {
955 po = add_opt (po, "auth");
956 if (c->lns->pap_require)
957 po = add_opt (po, "require-pap");
958 if (c->lns->chap_require)
959 po = add_opt (po, "require-chap");
960 if (c->lns->passwdauth)
961 po = add_opt (po, "login");
962 }
963 if (c->lns->authname[0])
964 {
965 po = add_opt (po, "name");
966 po = add_opt (po, c->lns->authname);
967 }
968 if (c->lns->debug)
969 po = add_opt (po, "debug");
970 if (c->lns->pppoptfile[0])
971 {
972 po = add_opt (po, "file");
973 po = add_opt (po, c->lns->pppoptfile);
974 }
975 start_pppd (c, po);
976 opt_destroy (po);
977 l2tp_log (LOG_NOTICE,
978 "Call established with %s, Local: %d, Remote: %d, Serial: %d\n",
979 IPADDY (t->peer.sin_addr), c->ourcid, c->cid,
980 c->serno);
981 break;
982 case OCRP: /* jz: nothing to do for OCRP, waiting for OCCN */
983 break;
984 case OCCN: /* jz: get OCCN, so the only thing we must do is to start the pppd */
985 po = NULL;
986 po = add_opt (po, "passive");
987 po = add_opt (po, "nodetach");
988 po = add_opt (po, "file");
989 strcat (dummy_buf, c->dial_no); /* jz: use /etc/ppp/dialnumber.options for pppd - kick it if you don't like */
990 strcat (dummy_buf, ".options");
991 po = add_opt (po, dummy_buf);
992 if (c->lac)
993 {
994 if (c->lac->defaultroute)
995 po = add_opt (po, "defaultroute");
996 strncpy (ip1, IPADDY (c->lac->localaddr), sizeof (ip1));
997 strncpy (ip2, IPADDY (c->lac->remoteaddr), sizeof (ip2));
998 po = add_opt (po, "%s:%s", c->lac->localaddr ? ip1 : "",
999 c->lac->remoteaddr ? ip2 : "");
1000 if (c->lac->authself)
1001 {
1002 if (c->lac->pap_refuse)
1003 po = add_opt (po, "refuse-pap");
1004 if (c->lac->chap_refuse)
1005 po = add_opt (po, "refuse-chap");
1006 }
1007 else
1008 {
1009 po = add_opt (po, "refuse-pap");
1010 po = add_opt (po, "refuse-chap");
1011 }
1012 if (c->lac->authpeer)
1013 {
1014 po = add_opt (po, "auth");
1015 if (c->lac->pap_require)
1016 po = add_opt (po, "require-pap");
1017 if (c->lac->chap_require)
1018 po = add_opt (po, "require-chap");
1019 }
1020 if (c->lac->authname[0])
1021 {
1022 po = add_opt (po, "name");
1023 po = add_opt (po, c->lac->authname);
1024 }
1025 if (c->lac->debug)
1026 po = add_opt (po, "debug");
1027 if (c->lac->pppoptfile[0])
1028 {
1029 po = add_opt (po, "file");
1030 po = add_opt (po, c->lac->pppoptfile);
1031 }
1032 };
1033 start_pppd (c, po);
1034
1035 /* jz: just show some information */
1036 l2tp_log (LOG_INFO,
1037 "parameters: Local: %d , Remote: %d , Serial: %d , Pid: %d , Tunnelid: %d , Phoneid: %s\n",
1038 c->ourcid, c->cid, c->serno, c->pppd, t->ourtid, c->dial_no);
1039
1040 opt_destroy (po);
1041 if (c->lac)
1042 c->lac->rtries = 0;
1043 break;
1044
1045
1046 case CDN:
1047 if (c->qcid < 0)
1048 {
1049 if (DEBUG)
1050 l2tp_log (LOG_DEBUG,
1051 "%s: Peer tried to disconnect without specifying call ID\n",
1052 __FUNCTION__);
1053 return -EINVAL;
1054 }
1055 if (c == t->self)
1056 {
1057 p = t->call_head;
1058 while (p && (p->cid != c->qcid))
1059 p = p->next;
1060 if (!p)
1061 {
1062 if (DEBUG)
1063 l2tp_log (LOG_DEBUG,
1064 "%s: Unable to determine call to be disconnected.\n",
1065 __FUNCTION__);
1066 return -EINVAL;
1067 }
1068 }
1069 else {
1070 p = c;
1071 }
1072
1073 /* Work around bug in MSL2TP client */
1074 if ((t->firmware == 0xff00) && (!(strncmp(t->vendor, "Deterministic Networks Inc.", 27))))
1075 tmpcid = p->ourcid;
1076 else
1077 tmpcid = p->cid;
1078
1079 if ((c->qcid != tmpcid) && tmpcid > 0)
1080 {
1081 if (DEBUG)
1082 l2tp_log (LOG_DEBUG,
1083 "%s: Peer tried to disconnect with invalid CID (%d != %d)\n",
1084 __FUNCTION__, c->qcid, c->ourcid);
1085 return -EINVAL;
1086 }
1087 c->qcid = -1;
1088 if (c->result < 0)
1089 {
1090 if (DEBUG)
1091 l2tp_log (LOG_DEBUG,
1092 "%s: Peer tried to disconnect without specifying result code.\n",
1093 __FUNCTION__);
1094 return -EINVAL;
1095 }
1096 l2tp_log (LOG_INFO,
1097 "%s: Connection closed to %s, serial %d (%s)\n", __FUNCTION__,
1098 IPADDY (t->peer.sin_addr), c->serno, c->errormsg);
1099 c->needclose = 0;
1100 c->closing = -1;
1101 break;
1102 case Hello:
1103 break;
1104 case SLI:
1105 break;
1106 default:
1107 l2tp_log (LOG_DEBUG,
1108 "%s: Don't know how to finish a message of type %d\n",
1109 __FUNCTION__, c->msgtype);
1110 set_error (c, VENDOR_ERROR, "Unimplemented message %d\n", c->msgtype);
1111 }
1112 return 0;
1113 }
1114
1115 inline int check_control (const struct buffer *buf, struct tunnel *t,
1116 struct call *c)
1117 {
1118 /*
1119 * Check if this is a valid control
1120 * or not. Returns 0 on success
1121 */
1122 struct control_hdr *h = (struct control_hdr *) (buf->start);
1123 struct buffer *zlb;
1124 if (buf->len < sizeof (struct control_hdr))
1125 {
1126 if (DEBUG)
1127 {
1128 l2tp_log (LOG_DEBUG,
1129 "%s: Received too small of packet\n", __FUNCTION__);
1130 }
1131 return -EINVAL;
1132 }
1133 #ifdef SANITY
1134 if (buf->len != h->length)
1135 {
1136 if (DEBUG)
1137 {
1138 l2tp_log (LOG_DEBUG,
1139 "%s: Reported and actual sizes differ (%d != %d)\n",
1140 __FUNCTION__, h->length, buf->len);
1141 }
1142 return -EINVAL;
1143 }
1144 /*
1145 * FIXME: H-bit handling goes here
1146 */
1147 #ifdef DEBUG_CONTROL
1148 l2tp_log (LOG_DEBUG, "%s: control, cid = %d, Ns = %d, Nr = %d\n", __FUNCTION__,
1149 c->cid, h->Ns, h->Nr);
1150 #endif
1151 if (h->Ns != t->control_rec_seq_num)
1152 {
1153 if (DEBUG)
1154 l2tp_log (LOG_DEBUG,
1155 "%s: Received out of order control packet on tunnel %d (got %d, expected %d)\n",
1156 __FUNCTION__, t->tid, h->Ns, t->control_rec_seq_num);
1157 if (((h->Ns < t->control_rec_seq_num) &&
1158 ((t->control_rec_seq_num - h->Ns) < 32768)) ||
1159 ((h->Ns > t->control_rec_seq_num) &&
1160 ((t->control_rec_seq_num - h->Ns) > 32768)))
1161 {
1162 /*
1163 * Woopsies, they sent us a message we should have already received
1164 * so we should send them a ZLB so they know
1165 * for sure that we already have it.
1166 */
1167 #ifdef DEBUG_ZLB
1168 if (DEBUG)
1169 l2tp_log (LOG_DEBUG, "%s: Sending an updated ZLB in reponse\n",
1170 __FUNCTION__);
1171 #endif
1172 zlb = new_outgoing (t);
1173 control_zlb (zlb, t, c);
1174 udp_xmit (zlb, t);
1175 toss (zlb);
1176 }
1177 else if (!t->control_rec_seq_num && (t->tid == -1))
1178 {
1179 /* We made this tunnel just for this message, so let's
1180 destroy it. */
1181 c->needclose = 0;
1182 c->closing = -1;
1183 }
1184 return -EINVAL;
1185 }
1186 else
1187 {
1188 t->control_rec_seq_num++;
1189 c->cnu = -1;
1190 }
1191 /*
1192 * So we know what the other end has received
1193 * so far
1194 */
1195
1196 t->cLr = h->Nr;
1197 if (t->sanity)
1198 {
1199 if (!CTBIT (h->ver))
1200 {
1201 if (DEBUG)
1202 {
1203 l2tp_log (LOG_DEBUG, "%s: Control bit not set\n", __FUNCTION__);
1204 }
1205 return -EINVAL;
1206 }
1207 if (!CLBIT (h->ver))
1208 {
1209 if (DEBUG)
1210 {
1211 l2tp_log (LOG_DEBUG, "%s: Length bit not set\n", __FUNCTION__);
1212 }
1213 return -EINVAL;
1214 }
1215 if (!CFBIT (h->ver))
1216 {
1217 if (DEBUG)
1218 {
1219 l2tp_log (LOG_DEBUG, "%s: Flow bit not set\n", __FUNCTION__);
1220 }
1221 return -EINVAL;
1222 }
1223 if (CVER (h->ver) != VER_L2TP)
1224 {
1225 if (DEBUG)
1226 {
1227 if (CVER (h->ver) == VER_PPTP)
1228 {
1229 l2tp_log (LOG_DEBUG,
1230 "%s: PPTP packet received\n", __FUNCTION__);
1231 }
1232 else if (CVER (h->ver) < VER_L2TP)
1233 {
1234 l2tp_log (LOG_DEBUG,
1235 "%s: L2F packet received\n", __FUNCTION__);
1236 }
1237 else
1238 {
1239 l2tp_log (LOG_DEBUG,
1240 "%s: Unknown version received\n", __FUNCTION__);
1241 }
1242 }
1243 return -EINVAL;
1244 }
1245
1246 }
1247 #endif
1248 return 0;
1249 }
1250
1251 inline int check_payload (struct buffer *buf, struct tunnel *t,
1252 struct call *c)
1253 {
1254 /*
1255 * Check if this is a valid payload
1256 * or not. Returns 0 on success.
1257 */
1258
1259 int ehlen = MIN_PAYLOAD_HDR_LEN;
1260 struct payload_hdr *h = (struct payload_hdr *) (buf->start);
1261 if (!c)
1262 {
1263 if (DEBUG)
1264 {
1265 l2tp_log (LOG_DEBUG, "%s: Aempted to send payload on tunnel\n",
1266 __FUNCTION__);
1267 }
1268 return -EINVAL;
1269 }
1270 if (buf->len < MIN_PAYLOAD_HDR_LEN)
1271 {
1272 /* has to be at least MIN_PAYLOAD_HDR_LEN
1273 no matter what. we'll look more later */
1274 if (DEBUG)
1275 {
1276 l2tp_log (LOG_DEBUG, "%s:Recieved to small of packet\n", __FUNCTION__);
1277 }
1278 return -EINVAL;
1279 }
1280 #ifdef SANITY
1281 if (t->sanity)
1282 {
1283 if (PTBIT (h->ver))
1284 {
1285 if (DEBUG)
1286 {
1287 l2tp_log (LOG_DEBUG, "%s Control bit set\n", __FUNCTION__);
1288 }
1289 return -EINVAL;
1290 }
1291 if (PLBIT (h->ver))
1292 ehlen += 2; /* Should have length information */
1293 if (PFBIT (h->ver))
1294 {
1295 /* if (!c->fbit && !c->ourfbit) {
1296 if (DEBUG)
1297 l2tp_log(LOG_DEBUG,"%s: flow bit set, but no RWS negotiated.\n",__FUNCTION__);
1298 return -EINVAL;
1299 } */
1300 ehlen += 4; /* Should have Ns and Nr too */
1301 }
1302 /* if (!PFBIT(h->ver)) {
1303 if (c->fbit || c->ourfbit) {
1304 if (DEBUG)
1305 l2tp_log(LOG_DEBUG, "%s: no flow bit, but RWS was negotiated.\n",__FUNCTION__);
1306 return -EINVAL;;
1307 }
1308 } */
1309 if (PSBIT (h->ver))
1310 ehlen += 2; /* Offset information */
1311 if (PLBIT (h->ver))
1312 ehlen += h->length; /* include length if available */
1313 if (PVER (h->ver) != VER_L2TP)
1314 {
1315 if (DEBUG)
1316 {
1317 if (PVER (h->ver) == VER_PPTP)
1318 {
1319 l2tp_log (LOG_DEBUG, "%s: PPTP packet received\n",
1320 __FUNCTION__);
1321 }
1322 else if (CVER (h->ver) < VER_L2TP)
1323 {
1324 l2tp_log (LOG_DEBUG, "%s: L2F packet received\n",
1325 __FUNCTION__);
1326 }
1327 else
1328 {
1329 l2tp_log (LOG_DEBUG, "%s: Unknown version received\n",
1330 __FUNCTION__);
1331 }
1332 }
1333 return -EINVAL;
1334 }
1335 if ((buf->len < ehlen) && !PLBIT (h->ver))
1336 {
1337 if (DEBUG)
1338 {
1339 l2tp_log (LOG_DEBUG, "%s payload too small (%d < %d)\n",
1340 __FUNCTION__, buf->len, ehlen);
1341 }
1342 return -EINVAL;
1343 }
1344 if ((buf->len != h->length) && PLBIT (h->ver))
1345 {
1346 if (DEBUG)
1347 {
1348 l2tp_log (LOG_DEBUG, "%s: size mismatch (%d != %d)\n",
1349 __FUNCTION__, buf->len, h->length);
1350 }
1351 return -EINVAL;
1352 }
1353 }
1354 #endif
1355 return 0;
1356 }
1357 inline int expand_payload (struct buffer *buf, struct tunnel *t,
1358 struct call *c)
1359 {
1360 /*
1361 * Expands payload header. Does not check for valid header,
1362 * check_payload() should already be called as a prerequisite.
1363 */
1364 struct payload_hdr *h = (struct payload_hdr *) (buf->start);
1365 _u16 *r = (_u16 *) h; /* Nice to have raw word pointers */
1366 struct payload_hdr *new_hdr;
1367 int ehlen = 0;
1368 /*
1369 * We first calculate our offset
1370 */
1371 if (!PLBIT (h->ver))
1372 ehlen += 2; /* Should have length information */
1373 if (!PFBIT (h->ver))
1374 ehlen += 4; /* Should have Ns and Nr too */
1375 if (!PSBIT (h->ver))
1376 ehlen += 2; /* Offset information */
1377 if (ehlen)
1378 {
1379 /*
1380 * If this payload is missing any information, we'll
1381 * fill it in
1382 */
1383 new_hdr = (struct payload_hdr *) (buf->start - ehlen);
1384 if ((void *) new_hdr < (void *) buf->rstart)
1385 {
1386 l2tp_log (LOG_WARNING, "%s: not enough space to decompress frame\n",
1387 __FUNCTION__);
1388 return -EINVAL;
1389
1390 };
1391 new_hdr->ver = *r;
1392 if (PLBIT (new_hdr->ver))
1393 {
1394 r++;
1395 new_hdr->length = *r;
1396 }
1397 else
1398 {
1399 new_hdr->length = buf->len + ehlen;
1400 };
1401 r++;
1402 new_hdr->tid = *r;
1403 r++;
1404 new_hdr->cid = *r;
1405 if (PFBIT (new_hdr->ver))
1406 {
1407 r++;
1408 new_hdr->Ns = *r;
1409 r++;
1410 new_hdr->Nr = *r;
1411 }
1412 else
1413 {
1414 new_hdr->Nr = c->data_seq_num;
1415 new_hdr->Ns = c->data_rec_seq_num;
1416 };
1417 if (PSBIT (new_hdr->ver))
1418 {
1419 r++;
1420 new_hdr->o_size = *r;
1421 // r++;
1422 // new_hdr->o_pad = *r;
1423 }
1424 else
1425 {
1426 new_hdr->o_size = 0;
1427 // new_hdr->o_pad = 0;
1428 }
1429 }
1430 else
1431 new_hdr = h;
1432 /*
1433 * Handle sequence numbers
1434 *
1435 */
1436 /* JLM if (PRBIT(new_hdr->ver)) {
1437 if (c->pSr > new_hdr->Ns) {
1438 l2tp_log(LOG_DEBUG, "%s: R-bit set with Ns < pSr!\n",__FUNCTION__);
1439 return -EINVAL;
1440 }
1441 #ifdef DEBUG_FLOW
1442 l2tp_log(LOG_DEBUG, "%s: R-bit set on packet %d\n",__FUNCTION__,new_hdr->Ns);
1443 #endif
1444 c->pSr=new_hdr->Ns;
1445 } */
1446 #ifdef DEBUG_PAYLOAD
1447 l2tp_log (LOG_DEBUG, "%s: payload, cid = %d, Ns = %d, Nr = %d\n", __FUNCTION__,
1448 c->cid, new_hdr->Ns, new_hdr->Nr);
1449 #endif
1450 if (new_hdr->Ns != c->data_seq_num)
1451 {
1452 /* RFC1982-esque comparison of serial numbers */
1453 if (((new_hdr->Ns < c->data_rec_seq_num) &&
1454 ((c->data_rec_seq_num - new_hdr->Ns) < 32768)) ||
1455 ((new_hdr->Ns > c->data_rec_seq_num) &&
1456 ((c->data_rec_seq_num - new_hdr->Ns) > 32768)))
1457 {
1458 #ifdef DEBUG_FLOW
1459 if (DEBUG)
1460 l2tp_log (LOG_DEBUG,
1461 "%s: Already seen this packet before (%d)\n",
1462 __FUNCTION__, new_hdr->Ns);
1463 #endif
1464 return -EINVAL;
1465 }
1466 else if (new_hdr->Ns <= c->data_rec_seq_num + PAYLOAD_FUDGE)
1467 {
1468 /* FIXME: I should buffer for out of order packets */
1469 #ifdef DEBUG_FLOW
1470 if (DEBUG)
1471 l2tp_log (LOG_DEBUG,
1472 "%s: Oops, lost a packet or two (%d). continuing...\n",
1473 __FUNCTION__, new_hdr->Ns);
1474 #endif
1475 c->data_rec_seq_num = new_hdr->Ns;
1476 }
1477 else
1478 {
1479 #ifdef DEBUG_FLOW
1480 if (DEBUG)
1481 l2tp_log (LOG_DEBUG,
1482 "%s: Received out of order payload packet (%d)\n",
1483 __FUNCTION__, new_hdr->Ns);
1484 #endif
1485 return -EINVAL;
1486 }
1487 }
1488 else
1489 {
1490 c->data_rec_seq_num++;
1491 c->pnu = -1;
1492 }
1493 /*
1494 * Check to see what the last thing
1495 * we got back was
1496 */
1497 c->pLr = new_hdr->Nr;
1498 buf->start = new_hdr;
1499 buf->len += ehlen;
1500 return 0;
1501 }
1502
1503 void send_zlb (void *data)
1504 {
1505 /*
1506 * Send a ZLB. This procedure should be schedule()able
1507 */
1508 struct call *c;
1509 struct tunnel *t;
1510 struct buffer *buf;
1511 c = (struct call *) data;
1512 if (!c)
1513 {
1514 l2tp_log (LOG_WARNING, "%s: called on NULL call\n", __FUNCTION__);
1515 return;
1516 }
1517 t = c->container;
1518 if (!t)
1519 {
1520 l2tp_log (LOG_WARNING, "%s: called on call with NULL container\n",
1521 __FUNCTION__);
1522 return;
1523 }
1524 /* Update the counter so we know what Lr was when we last transmited a ZLB */
1525 c->prx = c->data_rec_seq_num;
1526 buf = new_payload (t->peer);
1527 add_payload_hdr (t, c, buf);
1528 c->data_seq_num--; /* We don't increment on ZLB's */
1529 c->zlb_xmit = NULL;
1530 #ifdef DEBUG_ZLB
1531 l2tp_log (LOG_DEBUG, "%s: sending payload ZLB\n", __FUNCTION__);
1532 #endif
1533 udp_xmit (buf, t);
1534 toss (buf);
1535 }
1536
1537 inline int write_packet (struct buffer *buf, struct tunnel *t, struct call *c,
1538 int convert)
1539 {
1540 /*
1541 * Write a packet, doing sync->async conversion if
1542 * necessary
1543 */
1544 int x;
1545 unsigned char e;
1546 int err;
1547 static unsigned char wbuf[MAX_RECV_SIZE];
1548 int pos = 0;
1549
1550 if (c->fd < 0)
1551 {
1552 if (DEBUG || 1)
1553 l2tp_log (LOG_DEBUG, "%s: tty is not open yet.\n", __FUNCTION__);
1554 return -EIO;
1555 }
1556 /*
1557 * Skip over header
1558 */
1559 _u16 offset = ((struct payload_hdr*)(buf->start))->o_size; // For FIXME:
1560 buf->start += sizeof(struct payload_hdr) + offset;
1561 buf->len -= sizeof(struct payload_hdr) + offset;
1562
1563 c->rx_pkts++;
1564 c->rx_bytes += buf->len;
1565
1566 /*
1567 * FIXME: What about offset?
1568 */
1569 while (!convert)
1570 {
1571 /* We are given async frames, so write them
1572 directly to the tty */
1573 err = write (c->fd, buf->start, buf->len);
1574 if (err == buf->len)
1575 {
1576 return 0;
1577 }
1578 else if (err == 0)
1579 {
1580 l2tp_log (LOG_WARNING, "%s: wrote no bytes of async packet\n",
1581 __FUNCTION__);
1582 return -EINVAL;
1583 }
1584 else if (err < 0)
1585 {
1586 if ((errno == EAGAIN) || (errno == EINTR))
1587 {
1588 continue;
1589 }
1590 else
1591 {
1592 l2tp_log (LOG_WARNING, "%s: async write failed: %s\n", __FUNCTION__,
1593 strerror (errno));
1594 }
1595 }
1596 else if (err < buf->len)
1597 {
1598 l2tp_log (LOG_WARNING, "%s: short write (%d of %d bytes)\n", __FUNCTION__,
1599 err, buf->len);
1600 return -EINVAL;
1601 }
1602 else if (err > buf->len)
1603 {
1604 l2tp_log (LOG_WARNING, "%s: write returned LONGER than buffer length?\n",
1605 __FUNCTION__);
1606 return -EINVAL;
1607 }
1608 }
1609
1610 /*
1611 * sync->async conversion if we're doing sync frames
1612 * since the pppd driver will expect async frames
1613 * Write leading flag character
1614 */
1615
1616 add_fcs (buf);
1617 e = PPP_FLAG;
1618 wbuf[pos++] = e;
1619 for (x = 0; x < buf->len; x++)
1620 {
1621 // we must at least still have 3 bytes left in the worst case scenario:
1622 // 1 for a possible escape, 1 for the value and 1 to end the PPP stream.
1623 if(pos >= (sizeof(wbuf) - 4)) {
1624 if(DEBUG)
1625 l2tp_log(LOG_CRIT, "%s: rx packet is too big after PPP encoding (size %u, max is %u)\n",
1626 __FUNCTION__, buf->len, MAX_RECV_SIZE);
1627 return -EINVAL;
1628 }
1629 e = *((char *) buf->start + x);
1630 if ((e < 0x20) || (e == PPP_ESCAPE) || (e == PPP_FLAG))
1631 {
1632 /* Escape this */
1633 e = e ^ 0x20;
1634 wbuf[pos++] = PPP_ESCAPE;
1635 }
1636 wbuf[pos++] = e;
1637
1638 }
1639 wbuf[pos++] = PPP_FLAG;
1640
1641 #if 0
1642 if(DEBUG) {
1643 l2tp_log(LOG_DEBUG, "after sync->async, expanded %d->%d\n",
1644 buf->len, pos);
1645 }
1646 #endif
1647
1648 x = 0;
1649 while ( pos != x )
1650 {
1651 err = write (c->fd, wbuf+x, pos-x);
1652 if ( err < 0 ) {
1653 if ( errno != EINTR && errno != EAGAIN ) {
1654 l2tp_log (LOG_WARNING, "%s: %s(%d)\n", __FUNCTION__, strerror (errno),
1655 errno);
1656 /*
1657 * I guess pppd died. we'll pretend
1658 * everything ended normally
1659 */
1660 c->needclose = -1;
1661 c->fd = -1;
1662 return -EIO;
1663 }
1664 else {
1665 continue; //goto while
1666 }
1667 }
1668 x += err;
1669 }
1670 return 0;
1671 }
1672
1673 void handle_special (struct buffer *buf, struct call *c, _u16 call)
1674 {
1675 /*
1676 * This procedure is called when we have received a packet
1677 * on a call which doesn't exist in our tunnel. We want to
1678 * send back a ZLB to keep the tunnel alive, on that particular
1679 * call if it was a CDN, otherwise, send a CDN to notify them
1680 * that this call has been terminated.
1681 */
1682 struct buffer *outgoing;
1683 struct tunnel *t = c->container;
1684 /* Don't do anything unless it's a control packet */
1685 if (!CTBIT (*((_u16 *) buf->start)))
1686 return;
1687 /* Temporarily, we make the tunnel have cid of call instead of 0,
1688 but we need to stop any scheduled events (like Hello's in
1689 particular) which might use this value */
1690 c->cid = call;
1691 if (!check_control (buf, t, c))
1692 {
1693 if (buf->len == sizeof (struct control_hdr))
1694 {
1695 /* If it's a ZLB, we ignore it */
1696 if (gconfig.debug_tunnel)
1697 l2tp_log (LOG_DEBUG, "%s: ZLB for closed call\n", __FUNCTION__);
1698 c->cid = 0;
1699 return;
1700 }
1701 /* Make a packet with the specified call number */
1702 outgoing = new_outgoing (t);
1703 /* FIXME: If I'm not a CDN, I need to send a CDN */
1704 control_zlb (buf, t, c);
1705 c->cid = 0;
1706 udp_xmit (buf, t);
1707 toss (buf);
1708 }
1709 else
1710 {
1711 c->cid = 0;
1712 if (gconfig.debug_tunnel)
1713 l2tp_log (LOG_DEBUG, "%s: invalid control packet\n", __FUNCTION__);
1714 }
1715 }
1716
1717 inline int handle_packet (struct buffer *buf, struct tunnel *t,
1718 struct call *c)
1719 {
1720 int res;
1721 /* tv code is commented out below
1722 #ifdef DEBUG_ZLB
1723 struct timeval tv;
1724 #endif
1725 */
1726 if (CTBIT (*((_u16 *) buf->start)))
1727 {
1728 /* We have a control packet */
1729 if (!check_control (buf, t, c))
1730 {
1731 c->msgtype = -1;
1732 if (buf->len == sizeof (struct control_hdr))
1733 {
1734 #ifdef DEBUG_ZLB
1735 l2tp_log (LOG_DEBUG, "%s: control ZLB received\n", __FUNCTION__);
1736 #endif
1737 t->control_rec_seq_num--;
1738 c->cnu = 0;
1739 if (c->needclose && c->closing)
1740 {
1741 if (c->container->cLr >= c->closeSs)
1742 {
1743 #ifdef DEBUG_ZLB
1744 l2tp_log (LOG_DEBUG, "%s: ZLB for closing message found\n",
1745 __FUNCTION__);
1746 #endif
1747 c->needclose = 0;
1748 /* Trigger final closing of call */
1749 }
1750 }
1751 return 0;
1752 }
1753 else if (!handle_avps (buf, t, c))
1754 {
1755 return control_finish (t, c);
1756 }
1757 else
1758 {
1759 if (gconfig.debug_tunnel)
1760 l2tp_log (LOG_DEBUG, "%s: bad AVP handling!\n", __FUNCTION__);
1761 return -EINVAL;
1762 }
1763 }
1764 else
1765 {
1766 l2tp_log (LOG_DEBUG, "%s: bad control packet!\n", __FUNCTION__);
1767 return -EINVAL;
1768 }
1769 }
1770 else
1771 {
1772 if (!check_payload (buf, t, c))
1773 {
1774 if (!expand_payload (buf, t, c))
1775 {
1776 if (buf->len > sizeof (struct payload_hdr))
1777 {
1778 /* if (c->throttle) {
1779 if (c->pSs > c->pLr + c->rws) {
1780 #ifdef DEBUG_FLOW
1781 l2tp_log(LOG_DEBUG, "%s: not yet dethrottling call\n",__FUNCTION__);
1782 #endif
1783 } else {
1784 #ifdef DEBUG_FLOW
1785 l2tp_log(LOG_DEBUG, "%s: dethrottling call\n",__FUNCTION__);
1786 #endif
1787 if (c->dethrottle) deschedule(c->dethrottle);
1788 c->dethrottle=NULL;
1789 c->throttle = 0;
1790 }
1791 } */
1792 /* JLM res = write_packet(buf,t,c, c->frame & SYNC_FRAMING); */
1793 res = write_packet (buf, t, c, SYNC_FRAMING);
1794 if (res)
1795 return res;
1796 /*
1797 * Assuming we wrote to the ppp driver okay, we should
1798 * do something about ZLB's unless *we* requested no
1799 * window size or if they we have turned off our fbit.
1800 */
1801
1802 /* if (c->ourfbit && (c->ourrws > 0)) {
1803 if (c->pSr >= c->prx + c->ourrws - 2) {
1804 We've received enough to fill our receive window. At
1805 this point, we should immediately send a ZLB!
1806 #ifdef DEBUG_ZLB
1807 l2tp_log(LOG_DEBUG, "%s: Sending immediate ZLB!\n",__FUNCTION__);
1808 #endif
1809 if (c->zlb_xmit) {
1810 Deschedule any existing zlb_xmit's
1811 deschedule(c->zlb_xmit);
1812 c->zlb_xmit = NULL;
1813 }
1814 send_zlb((void *)c);
1815 } else {
1816 struct timeval tv;
1817 We need to schedule sending a ZLB. FIXME: Should
1818 be 1/4 RTT instead, when rate adaptive stuff is
1819 in place. Spec allows .5 seconds though
1820 tv.tv_sec = 0;
1821 tv.tv_usec = 500000;
1822 if (c->zlb_xmit)
1823 deschedule(c->zlb_xmit);
1824 #ifdef DEBUG_ZLB
1825 l2tp_log(LOG_DEBUG, "%s: scheduling ZLB\n",__FUNCTION__);
1826 #endif
1827 c->zlb_xmit = schedule(tv, &send_zlb, (void *)c);
1828 }
1829 } */
1830 return 0;
1831 }
1832 else if (buf->len == sizeof (struct payload_hdr))
1833 {
1834 #ifdef DEBUG_ZLB
1835 l2tp_log (LOG_DEBUG, "%s: payload ZLB received\n",
1836 __FUNCTION__);
1837 #endif
1838 /* if (c->throttle) {
1839 if (c->pSs > c->pLr + c->rws) {
1840 #ifdef DEBUG_FLOW
1841 l2tp_log(LOG_DEBUG, "%s: not yet dethrottling call\n",__FUNCTION__);
1842 #endif
1843 } else {
1844 #ifdef DEBUG_FLOW
1845 l2tp_log(LOG_DEBUG, "%s: dethrottling call\n",__FUNCTION__);
1846 #endif
1847 if (c->dethrottle)
1848 deschedule(c->dethrottle);
1849 c->dethrottle=NULL;
1850 c->throttle = 0;
1851 }
1852 } */
1853 c->data_rec_seq_num--;
1854 return 0;
1855 }
1856 else
1857 {
1858 l2tp_log (LOG_DEBUG, "%s: payload too small!\n", __FUNCTION__);
1859 return -EINVAL;
1860 }
1861 }
1862 else
1863 {
1864 if (gconfig.debug_tunnel)
1865 l2tp_log (LOG_DEBUG, "%s: unable to expand payload!\n",
1866 __FUNCTION__);
1867 return -EINVAL;
1868 }
1869 }
1870 else
1871 {
1872 l2tp_log (LOG_DEBUG, "%s: invalid payload packet!\n", __FUNCTION__);
1873 return -EINVAL;
1874 }
1875 }
1876 }